Krebs on Security

In-depth security news and investigation

Posts Tagged: Tor Carding Forum

The Evolution Market, an online black market that sells everything contraband — from marijuana, heroin and ecstasy to stolen identities and malicious hacking services — appears to have vanished in the last 24 hours with little warning. Much to the chagrin of countless merchants hawking their wares in the underground market, the curators of the project have reportedly absconded with the community’s bitcoins — a stash that some Evolution merchants reckon is worth more than USD $12 million.

The “Fraud Related” section of the Evolution Market before it vanished.

Reachable only via the Tor network (a.k.a. the “dark web” or “darknet”), Evolution Market quickly emerged as the go-to online bazaar for buyers and sellers of illicit goods following the shutdown of the infamous Silk Road marketplaces in 2013 and again late last year.

Evolution operates on an escrow system, allowing buyers and sellers to more confidently and successfully consummate sales of dodgy goods. But that means the market’s administrators at any given time have direct access to a tempting amount of virtually untraceable currency.

Denizens of the darkweb community say the moderators in charge of Evolution (known as just “Evo” by vendors and buyers alike) had in the past few days instituted long delays in responding to and processing withdrawal requests from the marketplace’s myriad vendors.

According to chatter from the Evolution discussion page on Reddit, Evo’s administrators — who go by the handles “Kimble” and “Verto” — initially blamed the delays on an unexpected influx of huge withdrawal requests that the community’s coffers could not satisfy all at once. The administrators assured anxious vendors that the issue would be resolved within 24 hours.

But before that 24 hours could elapse, the Evo community — its marketplace and user discussion forum — went offline. Now, volunteer moderators from those communities are posting to Reddit that the administrators have “exit scammed,” — essentially taken all the money and run. Continue reading →

Counterfeit $100s and $50s from “Willy Clock,” allegedly the online alias of a Texas man living in Uganda.

U.S. prosecutors say 27-year-old Ryan Andrew Gustafson – a.k.a. “Jack Farrel” and “Willy Clock” — is a U.S. citizen currently residing in Kampala, Uganda. Gustafson was arrested on Dec. 16 by Ugandan authorities and charged with conspiracy, counterfeiting, and unlawful possession of ammunition.

The defendant and his alleged accomplices are suspected of passing approximately $270,000 in fake U.S. currency in Uganda. In total, Ugandan authorities say they seized some $1.8 million in funny money from Gustafson’s operation.

The U.S. Secret Service, which investigates currency counterfeiting, said the investigation began in December 2013 when agents were alerted to the passing of counterfeit notes at retail stores and businesses in the Pittsburgh area. A press release from the Justice Department outlines the rest of the investigation:

“Agents determined that an individual identified as J.G. had passed these notes and was renting a postal box at The UPS Store on Pittsburgh’s South Side. On Feb 19, 2014, law enforcement learned that J.G. received three packages addressed from Beyond Computers, located in Kampala, Uganda. Agents executing a search warrant on the packages found $7,000 in counterfeit $100, $50 and $20 FRNs located in two hidden compartments within the packaging envelopes. A fingerprint on a document inside one of the packages was identified as belonging to Ryan Andrew Gustafson.”

“The Secret Service subsequently worked with Ugandan authorities to identify the source of the counterfeit [cash]. Their efforts led to A.B., who admitted to sending the packages, explaining that an American named “Jack Farrel,” and another person, provided him the counterfeit notes to ship. Based on information provided by A.B., the Secret Service used facial recognition to identify Jack Farrel as Ryan Andrew Gustafson.”

The government says Gustafson sold the bills through the Tor Carding Forum, a cybercrime shop that is unreachable from the regular Internet. Rather, visiting the Tor Carding Forum requires the visitor to route his communications through Tor, a free software-based service that helps users maintain anonymity by obfuscating their true location online. Continue reading →